[Samba] samba Active directory and SSO
M.Sebbane at aui.ma
M.Sebbane at aui.ma
Fri Dec 16 15:48:24 GMT 2005
Dear all,
I guess there were a lot of posts about this subject, but Im really stuck
& prefer start a new thread hoping that some of you
won't mind re-posting to help the Samba NewBie that I am.
well, here is my situation:
- more than 1000 users on a hetegenous network, One Domain & the need to
keep only one.
- I need my Linux Boxes' users to get authenticated against a single AD,
therefore I installed Samba 3 on a redhat 9 kernel 2.4,
- smbd, nmbd & Winbind are running
- the linux boxes joined my domain using the command
[root at LinuxBox root]#net ads join -U Administrator%password
- I am able to view the list of the users in the AC, with:
[root at LinuxBox root]#/usrlocal/samba/bin/wbinfo -u
HOWEVER, I get the listing in the format username not the supposed
MYDAMAINNAME+username
furthermore, when I try to logon the linuxbox using one of my AD users, I
simply cannot
Please find below my config files: smb.conf, /pam.d./login & /etc/nsswitch
Thank you very much for reading my post & Please let me know if you need
anymore information....
Best Regards,
smb.conf
#======================= Global Settings
=====================================
[global]
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = medi
netbios name = LinuxMachine
logon drive = h:
logon home = \\home_dir_server\%U
logon script = %U.bat
winbind separator = :
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enunm users = yes
winbind enunm groups = yes
template homedir = /home/%D/ %U
template shell = /bin/bash
winbind usedefault domain = yes
client use spnego = yes
unix extensions = yes
case sensitive = yes
delete readonly = yes
# server string is the equivalent of the NT Description field
server string = Samba Server
max log size = 50
security = ADS
ads server = 10.100.101.62
password server = 10.100.101.62
encrypt passwords = yes
realm = medi.com
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
pam password change = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins server = 10.100.101.62
username map = /etc/samba/smbusers
dns proxy = no
#============================ Share Definitions
==============================
[homes]
comment = Home Directories
browseable = no
writeable = yes
valid users = %S
create mode = 0664
directory mode = 0775
[shared]
path = /home/shared
writeable = yes
guest ok = yes
[medi]
path = /home/medi
writeable = yes
Login
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_stack.so
service=system-auth
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so
service=system-auth
password required /lib/security/pam_stack.so
service=system-auth
session required /lib/security/pam_stack.so
service=system-auth
session optional /lib/security/pam_console.so
#auth requisite pam_nologin.so
#auth requisite pam_krb5.so
#auth optional pam_smbpass.so migrate
#account required pam_krb5.so
#password requisite pam_cracklib.so retry=3
#password optional pam_smbpass.so nullok use_authtok
try_first_pass
#password required pam_krb5.so use_authtok try_first_pass
#session required pam_krb5.so
nsswitch:
passwd: files winbind
shadow: files
group: files winbind
===================================
Sebbane Mehdi
Network & Systems Administrator
ITS Department
Alakhawayn University
Ifrane 53000
Morocco
Voice : +212 (0) 55 86 24 23
Fax: +212 (0) 55 86 24 24
www.aui.ma
===================================
More information about the samba
mailing list